DFSR Replication problem - only replicating in one direction

Posted on 2010-01-10
Medium Priority
Last Modified: 2012-05-08
I am trying to set up DFSR on a number of Server 2008 machines and am not having a lot of joy.

We have two file servers in our head office and one in a branch office; the DFS setup I want is as follows.

1. HOFS1 (head office file server 1) Applications drive synched with BFS01 (branch file server)

2. BFS01 sending up two folders onto HOFS2 (for backups)

In order to do this I set up a replication group for each situation. What is happening is the branch server is receiving replication from the head office servers but the head office servers receive no replication from the branch server.
i.e. if I create a folder at head office it does replicate to the branch server, but if I create the file on the branch server it won't replicate to head office.

On the HO servers I get the following error:
The DFS Replication service encountered an error communicating with partner RYDDC1 for replication group Applications Drive DFS.
Partner DNS address: bfs01.contoso.local
Optional data if available:
Partner WINS Address: bfs01
Partner IP Address:
The service will retry the connection periodically.
Additional Information:
Error: 1753 (There are no more endpoints available from the endpoint mapper.)
Connection ID: E90D977A-6A6D-4D9C-869B-1AC3AF63EE2B
Replication Group ID: 9B1324F5-5945-4511-9F83-BCF2A63DB7E6

On the branch file server I get the following error:
The DFS Replication service failed to communicate with partner WFS02 for replication group ryddc1 to wfs02 dfs test. The partner did not recognize the connection or the replication group configuration.
Partner DNS Address: hofs02.rap.local
Optional data if available:
Partner WINS Address: hofs02
Partner IP Address:
The service will retry the connection periodically.
Additional Information:
Error: 9026 (The connection is invalid)
Connection ID: 7DA245B6-AD8A-4032-9A59-E8A54B13916C
Replication Group ID: C5DB2B5A-B524-4880-9B8B-F2D39BC59678

Any ideas what could be going on?
I've turned off local firewalls completely, disabled anti-virus and gotten an 'any' rule created on our corporate firewall between these servers.

Oh, the branch server bfs01 is also a domain controller, while the two head office servers are just running file services.

I set up a test replication group between the two head office servers and everything worked fine, which led me to think it was the corporate firewall, however any communication between these servers.

I'd really appreciate some help with this; I've been struggling away at it for a week now without real success.
Question by:andoss

Author Comment

ID: 26280783
As bfs01 is a domain controller it's running the 'File Replication Service'; I thought this could possibly be causing a conflict and stopping DFSR from working?

I just can't figure what else is different between the servers, there is just the location (branch office so different subnet) and the fact it's running domain services.
LVL 24

Expert Comment

ID: 26319828
Please run a DFS-R health report using dfsmgmt.msc, as it will show you the exact connection object that is invalid; it can be removed and recreated to add it back.
Use `dfsrdiag pollad /mem:<member name>` to force a poll and see if the error goes away.
LVL 24

Expert Comment

ID: 26319838
Also check that DNS & AD replication are working correctly.

LVL 24

Expert Comment

ID: 26319922
# Cause:

DFSR servers do not have permission to read AD information on themself or their
This has been changed by the customer, there are no bugs here.
Without auditing you will not be able to determine who changed these permissions
and only infer when they were changed.

# Solution:

Verify that "Authenticated Users" is set with the default READ permission on:

- The computer object in AD
- The DFSR-LocalSettings object under the computer
- The msdfsr-subscriber object under the localsettings object
- The msdfsr-subscription object under the subscriber object

(and that there are no denies set for groups that the servers could be a member of).

Once permissions are correct, use DFSRDIAG POLLAD to pick up the changes.

Author Comment

ID: 26320176
Thanks very much for the reply Awinish.

The DFSR Health Report comes up with errors on one connection and warnings on the other connection. Not sure what you mean by invalid, but I've tried deleting and recreating them both without success.

DNS & AD Replication is all working correctly from what i can see.

I checked the permissions in adsiedit.msc that you listed and they all seem correct, except I'm unable to find any msdfsr-subscriber or msdfsr-subscription objects. Are these still used in Server 2008? All I can see under the local settings object is another object with a GUID name, and this has correct permissions anyway.

I'm considering demoting the branch server from being a domain controller and giving DFSR a shot after that; however, it's a big job as I'll need to do it after hours etc. Can you see that being worthwhile, or am I just going to be wasting my time?

Accepted Solution

andoss earned 0 total points
ID: 26376258
The problem was with the StaticRPC port I had set.

I ran the `dfsrdiag staticrpc /port:41954` command on all three servers but it didn't seem to take effect on the branch server.

I found this out by getting the network guys to check firewall logs: all comms were coming from 41954 and going to one of the random RPC ports.
I assume the branch server was sending data on one of the random RPC ports but the head office servers were only listening on 41954.

Ran the command `dfsrdiag staticrpc /port:41954 /member:bfs01` from our HO server and replication started working straight away.

Pretty frustrating....
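
A reachability check for the situation described in the accepted solution, added here as an example and not part of the original thread: it tests each DFSR member on the RPC endpoint mapper (TCP 135) and on the static port, so a member that never applied the `staticrpc` setting stands out. The server names and port 41954 are the ones quoted in the thread; `Test-TcpPort` is a helper defined in the example, not a built-in cmdlet.

```powershell
# Added example. Member names and the static port are taken from the thread;
# Test-TcpPort is a helper defined here (works on PowerShell 2.0 / Server 2008).
$members    = 'HOFS1', 'HOFS2', 'BFS01'
$staticPort = 41954      # value passed to "dfsrdiag staticrpc /port:" in the thread
$timeoutMs  = 3000

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet does not hang the check.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($m in $members) {
    New-Object PSObject -Property @{
        Member         = $m
        EndpointMapper = Test-TcpPort $m 135 $timeoutMs
        StaticRpc      = Test-TcpPort $m $staticPort $timeoutMs
    }
}

$results | Select-Object Member, EndpointMapper, StaticRpc | Format-Table -AutoSize

# Reachable on 135 but not on the static port: either the member is not
# listening on that port, or a firewall in the path is blocking it.
$results | Where-Object { $_.EndpointMapper -and -not $_.StaticRpc } | ForEach-Object {
    Write-Warning ("{0}: no listener reachable on TCP {1}. Check firewall rules, then re-apply: dfsrdiag staticrpc /port:{1} /member:{0}" -f $_.Member, $staticPort)
}
```

Run it from a server on each side of the firewall, since the result only describes the path from the machine it runs on.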
